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Appendix A 

In The Claims 

1) (Amended) A method of managing risk with the aid of a computer system, 
5 said method comprising: 

a. identifying a set of risk elements, said risk elements being stored in 
a database coupled to said computer; 

b. identifying one or more control procedures associated with each 
said risk element, said control procedures being stored in said 

10 database; 

c. assigning a weight to each said control procedure; 

d. identifying [determining] a compliance rating for each said control 
procedure; and 

e. calculating a compliance score, said compliance score being a 

1 5 function of said assigned weights and said compliance rating of 

said control procedures. 

10) (Amended) A method of managing risk with the aid of a computer 
system, said method comprising: 
20 f. identifying a set of risk elements, said risk elements being stored in 

a database coupled to said computer; 
g. identifying one or more subrisk elements associated with each said 
risk element, each said subrisk element being stored in said 
database; 

25 h. identifying one or more control procedures associated with each 

said subrisk element, said control procedures being stored in said 
database; 

i. assigning a weight to each said control procedure; 
j. identifying [determining] a compliance rating for each said control 
30 procedure, said compliance ratings including a plurality of 
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" categories including at least one category indicating said control 
procedure is not fully compliant; 
k. calculating a compliance score, said compliance score being a 
function of said assigned weights and said compliance rating of 
5 said control procedures; 

1. for each said subrisk, determining whether at least one control 
procedure [procedure] associated with said subrisk is not fully 
compliant; 

m. for each said subrisk associated with at least one control procedure 
10 which is not fully compliant, receiving a signal indicating whether 

said subrisk should be accepted or not accepted; and 
n. for each said subrisk which is indicated as not accepted, 

generating an action plan. 

15 14) (Amended) A method of forecasting risk with the aid of a computer system, 

said method comprising: 

a. identifying a set of risk elements, said risk elements being stored in 

a database coupled to said computer; 
b identifying one or more control procedures associated with each 
20 said risk element, said control procedures being stored in said 

database; 

c. assigning a weight to each said control procedure; 

d. identifying [determining] a compliance rating for each said control 
procedure, said compliance ratings chosen from a set of ratings 

25 including at least one rating identifying a non-fully compliant 

control procedure and at least one rating identifying fully 
compliant control procedures; 

e. for each said control procedure having a non-fully compliant 
rating, generating an action plan, said action plan including a target 

30 date for at least one action listed therein; and 
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calculating an expected compliance score for a future date, said 
expected compliance score being a function of said assigned 
weights, said fully compliant control procedures, and said action 
plan target dates for said non- fully compliant control procedures. 
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